[PATCH] act_nat: get the position info from skb->tc_verd

[PATCH] act_nat: get the position info from skb->tc_verd

[Changli Gao]

act_nat uses its flags field to determine where it acts. It isn't reliable,
and can't prevent users from doing wrong settings, and act_nat should get the
position info from skb->tc_verd as act_mirred does.

Signed-off-by: Changli Gao <xiaosuo@gmail.com>
----
 include/net/tc_act/tc_nat.h |    2 +-
 net/sched/act_nat.c         |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/net/tc_act/tc_nat.h b/include/net/tc_act/tc_nat.h
index 4a691f3..343376a 100644
--- a/include/net/tc_act/tc_nat.h
+++ b/include/net/tc_act/tc_nat.h
@@ -10,7 +10,7 @@ struct tcf_nat {
 	__be32 old_addr;
 	__be32 new_addr;
 	__be32 mask;
-	u32 flags;
+	u32 flags;	/* unused */
 };
 
 static inline struct tcf_nat *to_tcf_nat(struct tcf_common *pc)
diff --git a/net/sched/act_nat.c b/net/sched/act_nat.c
index 24e614c..144e118 100644
--- a/net/sched/act_nat.c
+++ b/net/sched/act_nat.c
@@ -121,7 +121,7 @@ static int tcf_nat(struct sk_buff *skb, struct tc_action *a,
 	old_addr = p->old_addr;
 	new_addr = p->new_addr;
 	mask = p->mask;
-	egress = p->flags & TCA_NAT_FLAG_EGRESS;
+	egress = G_TC_AT(skb->tc_verd) & AT_EGRESS;
 	action = p->tcf_action;
 
 	p->tcf_bstats.bytes += qdisc_pkt_len(skb);

Re: [PATCH] act_nat: get the position info from skb->tc_verd

[Herbert Xu]

On Fri, Jul 30, 2010 at 02:42:32AM +0800, Changli Gao wrote:
> act_nat uses its flags field to determine where it acts. It isn't reliable,
> and can't prevent users from doing wrong settings, and act_nat should get the
> position info from skb->tc_verd as act_mirred does.
> 
> Signed-off-by: Changli Gao <xiaosuo@gmail.com>

Nack, the direction controls whether we NAT saddr or daddr.  It's
perfectly OK for someone to NAT daddr on the way out.

Cheers,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: [PATCH] act_nat: get the position info from skb->tc_verd

[Changli Gao]

On Fri, Jul 30, 2010 at 10:36 AM, Herbert Xu
<herbert@gondor.apana.org.au> wrote:
> On Fri, Jul 30, 2010 at 02:42:32AM +0800, Changli Gao wrote:
>> act_nat uses its flags field to determine where it acts. It isn't reliable,
>> and can't prevent users from doing wrong settings, and act_nat should get the
>> position info from skb->tc_verd as act_mirred does.
>>
>> Signed-off-by: Changli Gao <xiaosuo@gmail.com>
>
> Nack, the direction controls whether we NAT saddr or daddr.  It's
> perfectly OK for someone to NAT daddr on the way out.
>

Thanks for your explanation. However, ingress and egress aren't as
comprehensive as DNAT and SNAT. BTW I am planning to add stateless
PAT(Port Address Translation) support into act_nat. Any comment?

-- 
Regards,
Changli Gao(xiaosuo@gmail.com)